package com.zhiyou.shiro;

import com.zhiyou.bean.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpSession;

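/**
 * Spring MVC controller exposing the Shiro-backed login endpoint under {@code /shiro}.
 */
@Controller
@RequestMapping("/shiro")
public class ShiroController {

    @Autowired
    ShiroService shiroService;

    /**
     * Authenticates the submitted credentials through Shiro and selects the next view.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so this handler
     * also answers GET and the credentials can then travel in the query string (and
     * end up in access logs or browser history). Consider restricting it to POST.
     *
     * <p>NOTE(review): the session is not renewed after a successful login; confirm
     * whether session-fixation protection is configured elsewhere.
     *
     * @param user    request-bound user carrying the submitted username and password
     * @param session current HTTP session; receives the {@code username} attribute
     *                once the credentials have been verified in this request
     * @return {@code "relogin"} when {@code shiroService.isOnStatus(user)} is not
     *         {@code true}, otherwise {@code "main"}
     */
    @RequestMapping("/login")
    public String login(User user, HttpSession session){

        System.out.println("=======================ShiroConller============================");
        System.out.println(user.getuUsername());
        // The submitted password is intentionally not printed: stdout normally ends
        // up in application logs, which would then store credentials in clear text.
        // presumably isOnStatus reports whether the account may log in; verify in ShiroService
        Boolean f = shiroService.isOnStatus(user);
        System.out.println(f);
        Subject subject = SecurityUtils.getSubject();

        // A null result is treated as "not allowed" instead of failing on unboxing.
        if (!Boolean.TRUE.equals(f)) {
            return "relogin";
        }

        if (!subject.isAuthenticated()){
            UsernamePasswordToken token = new UsernamePasswordToken(user.getuUsername(),user.getuPassword());
            // login() throws on bad credentials; the exception is left to propagate
            // exactly as before so any existing error handling keeps working.
            subject.login(token);
            // Record the username only after these credentials were verified. When the
            // Subject was already authenticated, the request-supplied username has not
            // been checked against anything and must not overwrite the session identity.
            session.setAttribute("username",user.getuUsername());
        }

        System.out.println("认证成功");
        System.out.println(subject.hasRole("智游老总"));
        System.out.println("角色授权成功");
        System.out.println(subject.isPermitted("sys:contract:delete"));
        System.out.println("权限授权成功");
        return "main";
    }
}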
